URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Submission: On May 23 via manual from NL

Summary

This website contacted 13 IPs in 1 country across 12 domains to perform 70 HTTP transactions. The main IP is 70.32.97.206, located in Culver City, United States, and belongs to MEDIATEMPLE - Media Temple, Inc., US. The main domain is redcanary.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on April 18th 2018. Valid for: 3 months.
This is the only time redcanary.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address       AS (Autonomous System)
45        70.32.97.206     31815 (MEDIATEMPLE)
3         216.58.210.10    15169 (GOOGLE)
9         104.16.251.5     13335 (CLOUDFLAR...)
1         104.17.220.204   13335 (CLOUDFLAR...)
1         104.17.185.73    13335 (CLOUDFLAR...)
2         52.85.173.125    16509 (AMAZON-02)
1         104.17.211.204   13335 (CLOUDFLAR...)
1         104.19.197.151   13335 (CLOUDFLAR...)
3         216.58.210.3     15169 (GOOGLE)
1         104.17.71.176    13335 (CLOUDFLAR...)
1 2       216.58.208.46    15169 (GOOGLE)
1         74.125.206.155   15169 (GOOGLE)
1         104.17.115.180   13335 (CLOUDFLAR...)
Total: 70 requests across 13 IPs
Requests  Domain                         Requested by
45        redcanary.com                  redcanary.com
                                         ajax.googleapis.com
4         track.hubspot.com
3         fonts.gstatic.com              redcanary.com
2         cta-service-cms2.hubspot.com   js.hscta.net
2         forms.hubspot.com              js.hsforms.net
2         www.google-analytics.com       redcanary.com (1 redirect)
2         vidassets.terminus.services    redcanary.com
2         fonts.googleapis.com           redcanary.com
1         resources.redcanary.com
1         stats.g.doubleclick.net        redcanary.com
1         js.hs-analytics.net            js.hs-scripts.com
1         cdnjs.cloudflare.com           redcanary.com
1         js.hs-scripts.com              redcanary.com
1         js.hsforms.net                 redcanary.com
1         js.hscta.net                   redcanary.com
1         no-cache.hubspot.com           redcanary.com
1         ajax.googleapis.com            redcanary.com
Total: 70 requests across 17 subdomains
Subject                  Issuer                       Validity                  Valid for
redcanary.com            Let's Encrypt Authority X3   2018-04-18 - 2018-07-17   3 months (crt.sh)
resources.redcanary.com  CloudFlare Inc ECC CA-2      2017-11-16 - 2018-11-16   a year (crt.sh)

This page contains 1 frame:

Primary Page: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Frame ID: E18885BD0CA4D2799F0220CA0FE49766
Requests: 70 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i
  • script /\/wp-includes\//i

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i
  • script /\/wp-includes\//i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • env /^React$/i

Overall confidence: 100%
Detected patterns
  • env /^requirejs$/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Overall confidence: 100%
Detected patterns
  • env /^(?:_hsq|hubspot)$/i

Overall confidence: 100%
Detected patterns
  • env /^Modernizr$/i

Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Overall confidence: 100%
Detected patterns
  • env /^_paq$/i

Page Statistics

Requests: 70
HTTPS: 66 %
IPv6: 0 %
Domains: 12
Subdomains: 17
IPs: 13
Countries: 1
Transfer: 2308 kB
Size: 3196 kB
Cookies: 9

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 57
  • https://www.google-analytics.com/r/collect?v=1&_v=j68&a=2034722932&t=pageview&_s=1&dl=https%3A%2F%2Fredcanary.com%2Fblog%2Fwindows-registry-attacks-threat-detection%2F&ul=en-us&de=UTF-8&dt=Windows%20Registry%20Attacks%3A%20Knowledge%20Is%20the%20Best%20Defense&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=814825636&gjid=1870365323&cid=1250384478.1527058486&tid=UA-52702906-1&_gid=238491358.1527058486&_r=1&z=126222081 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-52702906-1&cid=1250384478.1527058486&jid=814825636&_gid=238491358.1527058486&gjid=1870365323&_v=j68&z=126222081

70 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
redcanary.com/blog/windows-registry-attacks-threat-detection/
88 KB
17 KB
Document
General
Full URL
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
b554182a791f5fc6b44fa96fb4872967b9de3b97cb4f2daf7e22efe57107c6ca

Request headers

Host
redcanary.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
X-DevTools-Emulate-Network-Conditions-Client-Id
E18885BD0CA4D2799F0220CA0FE49766

Response headers

Date
Wed, 23 May 2018 06:54:44 GMT
Server
Apache
Vary
Accept-Encoding
Content-Encoding
gzip
Expires
max-age=2592000, public
Connection
keep-alive, Keep-Alive
Content-Length
17273
Keep-Alive
timeout=60, max=100
Content-Type
text/html; charset=UTF-8
7djp.css
redcanary.com/wp-content/cache/wpfc-minified/qiyg11fu/
204 KB
33 KB
Stylesheet
General
Full URL
https://redcanary.com/wp-content/cache/wpfc-minified/qiyg11fu/7djp.css
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
41e3111311ae59aa340552149be789c4aee778629ff58e61df2212c833587ea1

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 23 May 2018 06:54:45 GMT
Content-Encoding
gzip
Last-Modified
Tue, 22 May 2018 21:04:39 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=99
Content-Length
33538
Expires
max-age=2592000, public
css
fonts.googleapis.com/
1 KB
461 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro%3A300%2C300italic%2C700%2C700italic%7CLato%3A700&subset=latin%2Clatin-ext
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
SPDY
Server
216.58.210.10 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s07-in-f10.1e100.net
Software
ESF /
Resource Hash
d49972ad98121fc9bcf3a82c7ecd61686f7f06d21c23ea69eb1067ecfa6da520
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Wed, 23 May 2018 06:54:45 GMT
content-encoding
gzip
server
ESF
status
200
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection
1; mode=block
expires
Wed, 23 May 2018 06:54:45 GMT
7djp.css
redcanary.com/wp-content/cache/wpfc-minified/mn4rutvb/
583 B
522 B
Stylesheet
General
Full URL
https://redcanary.com/wp-content/cache/wpfc-minified/mn4rutvb/7djp.css
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
80e71a57a578bb0fc911615682b09a5f4c4d00b93b8234639bc602d00744e523

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 23 May 2018 06:54:45 GMT
Content-Encoding
gzip
Last-Modified
Tue, 22 May 2018 21:04:39 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=100
Content-Length
187
Expires
max-age=2592000, public
7djp.css
redcanary.com/wp-content/cache/wpfc-minified/8n9sjazs/
6 KB
3 KB
Stylesheet
General
Full URL
https://redcanary.com/wp-content/cache/wpfc-minified/8n9sjazs/7djp.css
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
18af0a8887495d25ace6ebefb752a8381807a5b2a5a2a93326e7b120a0eb5e85

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 23 May 2018 06:54:45 GMT
Content-Encoding
gzip
Last-Modified
Tue, 22 May 2018 21:04:39 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=100
Content-Length
2768
Expires
max-age=2592000, public
css
fonts.googleapis.com/
545 B
342 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro%3A400%2C400i
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
SPDY
Server
216.58.210.10 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s07-in-f10.1e100.net
Software
ESF /
Resource Hash
e97dcdf21c32d40eaf24f41f39dce7d2d74db9ad70d47f2ed70277f4507c15f7
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Wed, 23 May 2018 06:54:45 GMT
content-encoding
gzip
server
ESF
status
200
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection
1; mode=block
expires
Wed, 23 May 2018 06:54:45 GMT
/
redcanary.com/
105 B
375 B
Stylesheet
General
Full URL
https://redcanary.com/?display_custom_css=css
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
08962619da0045cc5ba2e591de27b06dafed6914135fa0ddd2789e56d51eec57

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 23 May 2018 06:54:45 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-Type
text/css;charset=UTF-8
Connection
keep-alive, Keep-Alive
Keep-Alive
timeout=60, max=100
Content-Length
95
Expires
max-age=2592000, public
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.3.1/
85 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
SPDY
Server
216.58.210.10 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s07-in-f10.1e100.net
Software
sffe /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Mon, 12 Feb 2018 14:49:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
8611517
status
200
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
30399
x-xss-protection
1; mode=block
last-modified
Thu, 25 Jan 2018 15:33:24 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Feb 2019 14:49:28 GMT
x-head.min.js
redcanary.com/wp-content/themes/x/framework/js/dist/site/
785 B
773 B
Script
General
Full URL
https://redcanary.com/wp-content/themes/x/framework/js/dist/site/x-head.min.js
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
488644566459f3255468970aef03cbc02dbf6a1a1cc9fc7487108d4221818c34

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 23 May 2018 06:54:45 GMT
Content-Encoding
gzip
Last-Modified
Thu, 15 Mar 2018 01:35:03 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=100
Content-Length
424
Expires
max-age=2592000, public
cs-head.js
redcanary.com/wp-content/plugins/cornerstone/assets/dist/js/site/
51 KB
15 KB
Script
General
Full URL
https://redcanary.com/wp-content/plugins/cornerstone/assets/dist/js/site/cs-head.js
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
704186d9490c3f205c9c414011e890ac1c53f7ae3fc679f4f2cc0978f4a78e78

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 23 May 2018 06:54:45 GMT
Content-Encoding
gzip
Last-Modified
Mon, 12 Mar 2018 14:44:01 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=98
Content-Length
15383
Expires
max-age=2592000, public
hoverIntent.min.js
redcanary.com/wp-includes/js/
1 KB
827 B
Script
General
Full URL
https://redcanary.com/wp-includes/js/hoverIntent.min.js
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
c0df99d896f6b409b47703361145068963f76a08b8d49d4053a9f6d11628f9ef

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 23 May 2018 06:54:45 GMT
Content-Encoding
gzip
Last-Modified
Fri, 24 Apr 2015 01:58:45 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=99
Content-Length
479
Expires
max-age=2592000, public
x-head.min.js
redcanary.com/wp-content/themes/x/framework/legacy/cranium/js/dist/site/
3 KB
1 KB
Script
General
Full URL
https://redcanary.com/wp-content/themes/x/framework/legacy/cranium/js/dist/site/x-head.min.js
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
65a320511999e203b91405b0d55c5ce6bad6808c70dd643ce53283e45dbcce26

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 23 May 2018 06:54:45 GMT
Content-Encoding
gzip
Last-Modified
Thu, 15 Mar 2018 01:35:03 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=99
Content-Length
1052
Expires
max-age=2592000, public
header_logo1.png
redcanary.com/wp-content/uploads/
12 KB
12 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/header_logo1.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
07a4af7967da58c3d80165959d48df8526d9d3bc1557c4102cf5728e47e340e7

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Tue, 03 Nov 2015 20:02:52 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=96
Content-Length
12124
Expires
max-age=2592000, public
products-icon-1.png
redcanary.com/wp-content/uploads/
4 KB
4 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/products-icon-1.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
a08a9ee0dfd3289c3fb73f2061cfd20c57f4360b5d10959870ed8f629c4c15d3

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Sat, 14 Apr 2018 19:07:14 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=98
Content-Length
3771
Expires
max-age=2592000, public
products-icon-2.png
redcanary.com/wp-content/uploads/
3 KB
3 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/products-icon-2.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
e4554d9d4fafe8778ea731096a74e71c622c5f132ec7ee7ea3b044acd1ddbcb8

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Sat, 14 Apr 2018 19:07:52 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=99
Content-Length
2833
Expires
max-age=2592000, public
products-icon-3.png
redcanary.com/wp-content/uploads/
5 KB
5 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/products-icon-3.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
aaba7338b5bc04409b692bb7cfc4cb40e2ea637c076f3f36e05722628eb12c11

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Sat, 14 Apr 2018 19:07:57 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=95
Content-Length
4837
Expires
max-age=2592000, public
Solutions-Outsource440.png
redcanary.com/wp-content/uploads/
50 KB
50 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/Solutions-Outsource440.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
fd80e50f5b108ae2f3633871da65e3b622a75142f0946ebc19007fbe9f3f0667

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Sat, 14 Apr 2018 19:10:56 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=97
Content-Length
51264
Expires
max-age=2592000, public
EDR_Buyers_Guide.png
redcanary.com/wp-content/uploads/
203 KB
204 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/EDR_Buyers_Guide.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
b0dadfe731d533cc40da26f9151bcca69a1bf0f9a916a42b7a73fcb0694cc81b

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Sat, 14 Apr 2018 19:13:43 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=98
Content-Length
208158
Expires
max-age=2592000, public
Threat-Detection497-1.png
redcanary.com/wp-content/uploads/
40 KB
40 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/Threat-Detection497-1.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
ddda1eda9b24348cb9546825d2400b05cfaff6c2dc014066ebec7a4cc73ba760

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Thu, 20 Apr 2017 19:16:19 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=98
Content-Length
40767
Expires
max-age=2592000, public
01.png
redcanary.com/wp-content/uploads/
11 KB
11 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/01.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
b826c8d76c5c2f09e57bf6f732ee57676cb436e665b11136c64132d51b8fc22c

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Thu, 20 Apr 2017 17:10:37 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=94
Content-Length
11362
Expires
max-age=2592000, public
02.png
redcanary.com/wp-content/uploads/
9 KB
9 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/02.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
dead4ab0942615e6d7d796ce05021b944d1ad775e4a7144240c9e57766ef1c96

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Thu, 20 Apr 2017 17:14:03 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=97
Content-Length
9333
Expires
max-age=2592000, public
03-1.png
redcanary.com/wp-content/uploads/
72 KB
72 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/03-1.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
946e23a865fed82b2bfe9d1f443d72f36293c5ca38ca9ea48501f91dbc1c5a8b

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Thu, 20 Apr 2017 21:40:53 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=96
Content-Length
73581
Expires
max-age=2592000, public
05.png
redcanary.com/wp-content/uploads/
15 KB
15 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/05.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
8fd0efa7cf5fdb2577f7ae77d340f36816692f28102694d1fc6594400da599c4

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Thu, 20 Apr 2017 17:15:10 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=95
Content-Length
15246
Expires
max-age=2592000, public
mshta.png
redcanary.com/wp-content/uploads/
100 KB
100 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/mshta.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
98a96e9df577aae6d2fb7e43adbe0d8cbb35aa67a51b76e0112cef38ede0c290

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Thu, 20 Apr 2017 21:32:35 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=95
Content-Length
101964
Expires
max-age=2592000, public
powershell.png
redcanary.com/wp-content/uploads/
88 KB
88 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/powershell.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
182f3fc0010753cff4ded1cd7b5216d7a69f628911aaa5218c204899bedd2e6e

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Thu, 20 Apr 2017 21:37:39 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=94
Content-Length
89612
Expires
max-age=2592000, public
10.png
redcanary.com/wp-content/uploads/
12 KB
12 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/10.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
bc276adc3232cd6dcf5e32b066c1a51be7beadfea6864c94aedd805045c3dbbd

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Thu, 20 Apr 2017 17:35:26 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=95
Content-Length
12182
Expires
max-age=2592000, public
08_revised.png
redcanary.com/wp-content/uploads/
19 KB
19 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/08_revised.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
b030526557bc4c53888aec9b945cbf3bab87b076aec80e7229e524cd45e681c3

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Fri, 21 Apr 2017 13:00:52 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=97
Content-Length
19667
Expires
max-age=2592000, public
09_revised.png
redcanary.com/wp-content/uploads/
56 KB
56 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/09_revised.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
38c8dfa5077e532feb6db9824c3c8eb8500a53b30af1ad516d4ef3c9e9256d0f

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Fri, 21 Apr 2017 18:02:58 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=96
Content-Length
57202
Expires
max-age=2592000, public
d85e90e9-16d6-433b-ae70-77b4829c1081.png
no-cache.hubspot.com/cta/default/1860440/
411 KB
412 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1860440/d85e90e9-16d6-433b-ae70-77b4829c1081.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
SPDY
Server
104.16.251.5 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa230b6200d2c9d1d119c8ce144979428a96e5e5e94cf1389f0585098a8a28a8

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Wed, 23 May 2018 06:54:46 GMT
last-modified
Tue, 13 Dec 2016 20:44:02 GMT
server
cloudflare
x-amz-request-id
D8588B27D1C84830
etag
"74808db46fd57cd9c5a1bba57dec7655"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/png
status
200
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
41f59cf21bd81583-FRA
content-length
420831
x-amz-id-2
s2Su9LH42jX/ZoLfrXnmSK9YZ3j1bqgJOuSs4cAjXNFLEIzbEBBgpp3nH/u1/XFedwqJZVlAGpA=
current.js
js.hscta.net/cta/
8 KB
4 KB
Script
General
Full URL
https://js.hscta.net/cta/current.js
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
SPDY
Server
104.17.220.204 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e998a829849a1ac8f2350b5a30c5d4422b02704370df1bbcce8f92a571bedc4

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

timing-allow-origin
*
date
Wed, 23 May 2018 06:54:45 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 05 Feb 2018 03:19:59 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=600
cf-ray
41f59ceeaa7e97a4-FRA
content-length
3131
x-amz-cf-id
fBJfmji09F4AUr7IGIHZnlCulXrx8x6LdCUKXJyW0zEYDn_BYRbr6Q==
v2.js
js.hsforms.net/forms/
357 KB
98 KB
Script
General
Full URL
https://js.hsforms.net/forms/v2.js
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
SPDY
Server
104.17.185.73 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2b777dd96b2b7c1139f3eafb6624feab20fe5cf07f3b611664feebd4363bb2e

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Wed, 23 May 2018 06:54:45 GMT
via
1.1 51c76241371dfc20d25094a51b4759eb.cloudfront.net (CloudFront)
cf-cache-status
HIT
cf-ray
41f59ceefd08978c-FRA
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
gzip
last-modified
Tue, 22 May 2018 12:16:56 GMT
server
cloudflare
etag
W/"cff6ddf518ddb47b8b90fa8d80e1a67b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
kRtwEmMcxMzbPTVX5PaESZA7jHwVE85U
access-control-allow-origin
*
cache-control
max-age=600
content-type
application/javascript; charset=utf-8
x-amz-cf-id
S0PBFQIyEQlEh8KMUpdU0uAtivBfQcxPMxwybLV7fBBHKsxW1yXdXQ==
9-Lessons-on-Building-a-SOC-4-1-125x60.png
redcanary.com/wp-content/uploads/
13 KB
13 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/9-Lessons-on-Building-a-SOC-4-1-125x60.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
9023ea78f84c3f14bc403bee4b3409723e67ceb3ab9b70433ae5c0c791ca1377

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:47 GMT
Last-Modified
Tue, 22 May 2018 06:30:51 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=94
Content-Length
12893
Expires
max-age=2592000, public
Detector-Tuning-4-1-125x60.png
redcanary.com/wp-content/uploads/
7 KB
8 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/Detector-Tuning-4-1-125x60.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
c3deded26e68d3ce30ece535336a173cdc54097f393f08701912c39b3b26888b

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:47 GMT
Last-Modified
Thu, 17 May 2018 17:12:19 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=92
Content-Length
7610
Expires
max-age=2592000, public
Detector-Development-2-1-125x60.png
redcanary.com/wp-content/uploads/
9 KB
10 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/Detector-Development-2-1-125x60.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
7cd8220d04001bf93e1f739954f624860e4025f13e08c1d735e6ef957ac4b1dd

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:47 GMT
Last-Modified
Wed, 09 May 2018 17:10:14 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=95
Content-Length
9572
Expires
max-age=2592000, public
SIEM-6-1-125x60.png
redcanary.com/wp-content/uploads/
21 KB
21 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/SIEM-6-1-125x60.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
185671c11b40e592a266e89d299242d0a22ed245610b7e9315a59598928ac228

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:47 GMT
Last-Modified
Wed, 02 May 2018 16:31:51 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=96
Content-Length
21360
Expires
max-age=2592000, public
Security-Architect-Lessons-2-1-125x60.png
redcanary.com/wp-content/uploads/
12 KB
12 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/Security-Architect-Lessons-2-1-125x60.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
9c562f46cdc2498bfae9bb32ff202a342efea74b4c9a7bcbee405a76b4a1e5bb

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:47 GMT
Last-Modified
Wed, 25 Apr 2018 20:12:56 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=93
Content-Length
11816
Expires
max-age=2592000, public
Threat-Detection-45x45.png
redcanary.com/wp-content/uploads/
1 KB
1 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/Threat-Detection-45x45.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
b03adeb57fde622bcf1dface434b0fe82982af618b1a7f136fa38f4c60baad50

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:47 GMT
Last-Modified
Mon, 20 Nov 2017 16:40:05 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=94
Content-Length
1237
Expires
max-age=2592000, public
Detector-Development-2-1-45x45.png
redcanary.com/wp-content/uploads/
3 KB
3 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/Detector-Development-2-1-45x45.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
7cef803eade3d374bc6d6a1b4a8db168ff0021757e081e8ada7448c392bcec5a

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:47 GMT
Last-Modified
Tue, 08 May 2018 21:03:11 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=91
Content-Length
3056
Expires
max-age=2592000, public
AtomicRedTeamTesting2-45x45.png
redcanary.com/wp-content/uploads/
5 KB
5 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/AtomicRedTeamTesting2-45x45.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
8f6c5efc3e8d8a11ec75100b7d7dc2f08a6d42ee63f39d9422238140cba5d155

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:47 GMT
Last-Modified
Wed, 18 Oct 2017 18:38:04 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=94
Content-Length
4829
Expires
max-age=2592000, public
Untitled-design-47-45x45.png
redcanary.com/wp-content/uploads/
4 KB
5 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/Untitled-design-47-45x45.png
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
575264b0342ec565cbf6cf3cee8d8a111ca35d7fd15ebaefdca6f458e0d0048d

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:47 GMT
Last-Modified
Thu, 13 Jul 2017 18:01:57 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=95
Content-Length
4348
Expires
max-age=2592000, public
t.js
vidassets.terminus.services/69073ede-c166-43e2-9f42-e294ce366f17/
3 KB
3 KB
Script
General
Full URL
https://vidassets.terminus.services/69073ede-c166-43e2-9f42-e294ce366f17/t.js
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
SPDY
Server
52.85.173.125 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-173-125.fra6.r.cloudfront.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
852d6ef7e1f541e29805a611f49b52f6ecb7a47679e966c9264db3c177234ba6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Thu, 03 May 2018 17:20:29 GMT
via
1.1 55ee6ea70e0823309f10db2e4b8f119f.cloudfront.net (CloudFront)
x-content-type-options
nosniff
last-modified
Sun, 22 Apr 2018 13:25:43 GMT
server
nginx/1.10.3 (Ubuntu)
status
200
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control
public, s-maxage=600
x-cache
RefreshHit from cloudfront
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
content-length
2652
x-amz-cf-id
7fDP0bPoabBCXCuWENcDQyTX41ENY6qqRmEUImSsUFNwLMeWLzeBfg==
1860440.js
js.hs-scripts.com/
441 B
582 B
Script
General
Full URL
https://js.hs-scripts.com/1860440.js
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
SPDY
Server
104.17.211.204 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e3656710d18ae528e3e11d849d1b9dd0b6107914570b5a7033b275940452290

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Wed, 23 May 2018 06:54:46 GMT
content-encoding
gzip
vary
Accept-Encoding, User-Agent
cf-cache-status
EXPIRED
status
200
content-length
310
server
cloudflare
x-trace
2BE1745826165AF9C76705EDFBD2C8EFCD775D3ACF000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
content-type
application/javascript; charset=utf-8
access-control-allow-origin
https://redcanary.com
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
41f59cf21da69aac-FRA
expires
Wed, 23 May 2018 06:55:46 GMT
x-body.min.js
redcanary.com/wp-content/themes/x/framework/js/dist/site/
23 KB
8 KB
Script
General
Full URL
https://redcanary.com/wp-content/themes/x/framework/js/dist/site/x-body.min.js
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
822acb88438775b66cafe7e24260c3603547ac391bce5a6bd377f7f18ffcb270

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Content-Encoding
gzip
Last-Modified
Thu, 15 Mar 2018 01:35:03 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=98
Content-Length
7407
Expires
max-age=2592000, public
comment-reply.min.js
redcanary.com/wp-includes/js/
1 KB
937 B
Script
General
Full URL
https://redcanary.com/wp-includes/js/comment-reply.min.js
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
1b1ca0f15010e0124bd4ca481404643c88f7eda1b276e9554d0ed83fb45b7e30

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Content-Encoding
gzip
Last-Modified
Thu, 10 Dec 2015 03:57:43 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=99
Content-Length
589
Expires
max-age=2592000, public
cs-body.js
redcanary.com/wp-content/plugins/cornerstone/assets/dist/js/site/
144 KB
40 KB
Script
General
Full URL
https://redcanary.com/wp-content/plugins/cornerstone/assets/dist/js/site/cs-body.js
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
5f0da972cdd65e2c4b4ea8f6ef2e8c6fa21cfd9b82d21787319d2759ce4557a6

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Content-Encoding
gzip
Last-Modified
Mon, 12 Mar 2018 14:44:01 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=98
Content-Length
40641
Expires
max-age=2592000, public
megamenu.js
redcanary.com/wp-content/themes/x-child/
5 KB
1 KB
Script
General
Full URL
https://redcanary.com/wp-content/themes/x-child/megamenu.js
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
18a259db9fc33fc42f6db1e940b0a7d56b38af9ac739084bb6622c4c550f49a0

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Content-Encoding
gzip
Last-Modified
Thu, 17 May 2018 20:18:31 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=97
Content-Length
812
Expires
max-age=2592000, public
jquery.matchHeight-min.js
cdnjs.cloudflare.com/ajax/libs/jquery.matchHeight/0.7.2/
3 KB
1 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.matchHeight/0.7.2/jquery.matchHeight-min.js
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
SPDY
Server
104.19.197.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa87904726726364ad19a7c4b2f2b20ee10637325601b5aa88ed8bfdcb7117a7
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Wed, 23 May 2018 06:54:46 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Sun, 19 Feb 2017 18:47:36 GMT
server
cloudflare
status
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
strict-transport-security
max-age=15780000; includeSubDomains
cf-ray
41f59cf21d30970c-FRA
expires
Mon, 13 May 2019 06:54:46 GMT
x-body.min.js
redcanary.com/wp-content/themes/x/framework/legacy/cranium/js/dist/site/
3 KB
1 KB
Script
General
Full URL
https://redcanary.com/wp-content/themes/x/framework/legacy/cranium/js/dist/site/x-body.min.js
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
96acef92592be7903e2c7f0f9b37749f09909e2c9c60b83407ace22b27f0bd5a

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Content-Encoding
gzip
Last-Modified
Thu, 15 Mar 2018 01:35:03 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=99
Content-Length
1103
Expires
max-age=2592000, public
wp-embed.min.js
redcanary.com/wp-includes/js/
1 KB
1 KB
Script
General
Full URL
https://redcanary.com/wp-includes/js/wp-embed.min.js
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
dcb5e540e62fc85857254a1066afb6a7e8999279c6d4c583eef855d39f9289c0

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Content-Encoding
gzip
Last-Modified
Wed, 25 Jan 2017 19:49:37 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=100
Content-Length
751
Expires
max-age=2592000, public
6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmRdr.ttf
fonts.gstatic.com/s/sourcesanspro/v11/
66 KB
32 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v11/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwmRdr.ttf
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
SPDY
Server
216.58.210.3 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s07-in-f3.1e100.net
Software
sffe /
Resource Hash
64f419f439c007b058fb5c01347fed427d9cdb1cca495d8b1505f93fe69795d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Source+Sans+Pro%3A300%2C300italic%2C700%2C700italic%7CLato%3A700&subset=latin%2Clatin-ext
Origin
https://redcanary.com

Response headers

date
Wed, 09 May 2018 03:52:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1220535
status
200
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
33056
x-xss-protection
1; mode=block
last-modified
Wed, 11 Oct 2017 18:25:39 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 09 May 2019 03:52:31 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7g.ttf
fonts.gstatic.com/s/sourcesanspro/v11/
39 KB
20 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v11/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7g.ttf
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
SPDY
Server
216.58.210.3 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s07-in-f3.1e100.net
Software
sffe /
Resource Hash
898ab48e439e72de77598748c641141700a2e924949b58b264a79acb9ef2dd4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Source+Sans+Pro%3A400%2C400i
Origin
https://redcanary.com

Response headers

date
Mon, 12 Feb 2018 20:06:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
8592520
status
200
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
20225
x-xss-protection
1; mode=block
last-modified
Wed, 11 Oct 2017 18:26:06 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 12 Feb 2019 20:06:06 GMT
6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmRdr.ttf
fonts.gstatic.com/s/sourcesanspro/v11/
65 KB
32 KB
Font
General
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v11/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwmRdr.ttf
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
SPDY
Server
216.58.210.3 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s07-in-f3.1e100.net
Software
sffe /
Resource Hash
24e3c39a71361ad53118e064f055536aa7b6108668dea73e548d452bd545e119
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Source+Sans+Pro%3A300%2C300italic%2C700%2C700italic%7CLato%3A700&subset=latin%2Clatin-ext
Origin
https://redcanary.com

Response headers

date
Mon, 09 Apr 2018 21:05:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3750548
status
200
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
32716
x-xss-protection
1; mode=block
last-modified
Wed, 11 Oct 2017 18:26:16 GMT
server
sffe
vary
Accept-Encoding
content-type
font/ttf
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 09 Apr 2019 21:05:38 GMT
fontawesome-webfont.woff2
redcanary.com/wp-content/themes/x/framework/fonts/font_awesome/
75 KB
76 KB
Font
General
Full URL
https://redcanary.com/wp-content/themes/x/framework/fonts/font_awesome/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Pragma
no-cache
Origin
https://redcanary.com
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
*/*
Referer
https://redcanary.com/wp-content/cache/wpfc-minified/qiyg11fu/7djp.css
Connection
keep-alive
Cache-Control
no-cache
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://redcanary.com/wp-content/cache/wpfc-minified/qiyg11fu/7djp.css
Origin
https://redcanary.com

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Thu, 15 Mar 2018 01:35:03 GMT
Server
Apache
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=97
Content-Length
77160
Expires
max-age=2592000, public
t.gif
vidassets.terminus.services/69073ede-c166-43e2-9f42-e294ce366f17/
42 B
670 B
Image
General
Full URL
https://vidassets.terminus.services/69073ede-c166-43e2-9f42-e294ce366f17/t.gif?d=89b976e2-7e62-4384-af96-a2217648b559&s=546bfd17-edfb-4772-8236-6a3af9ad2d12&cb=1527058486223
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
SPDY
Server
52.85.173.125 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-173-125.fra6.r.cloudfront.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Thu, 03 May 2018 17:20:30 GMT
via
1.1 55ee6ea70e0823309f10db2e4b8f119f.cloudfront.net (CloudFront)
x-content-type-options
nosniff
last-modified
Sun, 22 Apr 2018 13:25:35 GMT
server
nginx/1.10.3 (Ubuntu)
status
200
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control
public, s-maxage=600
x-cache
RefreshHit from cloudfront
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
content-length
42
x-amz-cf-id
juxI4g67Axzg_5W9qqhU9VTOAAvZPyVoJPwRh4vHPzGn4sqmVULxUA==
1860440.js
js.hs-analytics.net/analytics/1527058200000/
72 KB
24 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1527058200000/1860440.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/1860440.js
Protocol
SPDY
Server
104.17.71.176 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
04c4e824aedf5136006da51e8c39c2561eb0e079e6c1668526d46ee47b5f9f0d

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Wed, 23 May 2018 06:54:46 GMT
content-encoding
gzip
cf-cache-status
MISS
x-amz-request-id
0D1E8CC610A5ABA8
cf-ray
41f59cf30cdb6349-FRA
status
200
content-length
24699
x-amz-id-2
ZEkxxTzF0fQflZ7F4X4bcSWqoOPX3oVxwJlXcUUUm8RfrFloP16sTS2yBE/SUNmp9uB1guD+2p0=
last-modified
Tue, 15 May 2018 03:19:59 GMT
server
cloudflare
etag
W/"c7764e3aa0f55268b372d579d0b2637f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
content-type
text/javascript
expires
Wed, 23 May 2018 06:59:46 GMT
analytics.js
www.google-analytics.com/
34 KB
14 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
SPDY
Server
216.58.208.46 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s12-in-f46.1e100.net
Software
Golfe2 /
Resource Hash
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 18 May 2018 01:10:24 GMT
server
Golfe2
age
7119
date
Wed, 23 May 2018 04:56:07 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
14386
expires
Wed, 23 May 2018 06:56:07 GMT
c04e322a-8771-41e4-8ff3-6540ab6df77b
forms.hubspot.com/embed/v3/form/1860440/
8 KB
2 KB
Script
General
Full URL
https://forms.hubspot.com/embed/v3/form/1860440/c04e322a-8771-41e4-8ff3-6540ab6df77b?callback=hs_reqwest_0&hutk=
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
SPDY
Server
104.16.251.5 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae0076dfeafe9b259429d775074d84e172c6075cd087f3605508c558e2e4ae0d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Wed, 23 May 2018 06:54:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cloudflare
x-trace
2BA4F64AD0225A95E03E06B5141F9E245EB31134E1000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
content-disposition
attachment; filename=no-rfd.txt
cf-ray
41f59cf42c771583-FRA
content-length
1636
3163d8b1-f59e-4ded-9c37-e7a1ef5a59c9
forms.hubspot.com/embed/v3/form/1860440/
8 KB
2 KB
Script
General
Full URL
https://forms.hubspot.com/embed/v3/form/1860440/3163d8b1-f59e-4ded-9c37-e7a1ef5a59c9?callback=hs_reqwest_1&hutk=
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
SPDY
Server
104.16.251.5 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f9f3eeddc3e00c37c891c9f156a92dde657b17289e5c89a4d09a68748474aad
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Wed, 23 May 2018 06:54:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cloudflare
x-trace
2B9603B5DC93E92F0FD9921E3EE25FBD94A990D64F000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
content-disposition
attachment; filename=no-rfd.txt
cf-ray
41f59cf42c781583-FRA
content-length
1614
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j68&a=2034722932&t=pageview&_s=1&dl=https%3A%2F%2Fredcanary.com%2Fblog%2Fwindows-registry-attacks-threat-detection%2F&ul=en-us&de=UTF-8&dt=Windows%...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-52702906-1&cid=1250384478.1527058486&jid=814825636&_gid=238491358.1527058486&gjid=1870365323&_v=j68&z=126222081
35 B
103 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-52702906-1&cid=1250384478.1527058486&jid=814825636&_gid=238491358.1527058486&gjid=1870365323&_v=j68&z=126222081
Requested by
Host: redcanary.com
URL: https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Protocol
SPDY
Server
74.125.206.155 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
wk-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Wed, 23 May 2018 06:54:46 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 23 May 2018 06:54:46 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-52702906-1&cid=1250384478.1527058486&jid=814825636&_gid=238491358.1527058486&gjid=1870365323&_v=j68&z=126222081
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
417
expires
Fri, 01 Jan 1990 00:00:00 GMT
megamenu-company.png
redcanary.com/wp-content/uploads/
101 KB
101 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/megamenu-company.png
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
dda39042c7dc965f840483d36120485c2077e7c68f088cca9b66396569d4a7f9

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Sat, 14 Apr 2018 19:16:12 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=96
Content-Length
103287
Expires
max-age=2592000, public
megamenu-resources.png
redcanary.com/wp-content/uploads/
148 KB
148 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/megamenu-resources.png
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
a0b4c26571c25d14c784456d895ab1939ef6a2b4ea3daf5602b6d0498c57eb85

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Sat, 14 Apr 2018 19:13:37 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=97
Content-Length
151443
Expires
max-age=2592000, public
megamenu-solutions.png
redcanary.com/wp-content/uploads/
64 KB
65 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/megamenu-solutions.png
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
288f5043cd2b110794e59b42a58b52fb7ca0c44be3ec6df6ec15a9227a9f249f

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Sat, 14 Apr 2018 19:10:51 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=96
Content-Length
66025
Expires
max-age=2592000, public
megamenu-products.png
redcanary.com/wp-content/uploads/
117 KB
117 KB
Image
General
Full URL
https://redcanary.com/wp-content/uploads/megamenu-products.png
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
70.32.97.206 Culver City, United States, ASN31815 (MEDIATEMPLE - Media Temple, Inc., US),
Reverse DNS
simcoe.identityvector.com
Software
Apache /
Resource Hash
180ed4b1056972f98155addd0ca8b2454e448b5006faac64a3e18815724ad5c9

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
redcanary.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
Cookie
d-a8e6=89b976e2-7e62-4384-af96-a2217648b559; s-9da4=546bfd17-edfb-4772-8236-6a3af9ad2d12; _ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1
Connection
keep-alive
Cache-Control
no-cache
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Wed, 23 May 2018 06:54:46 GMT
Last-Modified
Sat, 14 Apr 2018 19:08:51 GMT
Server
Apache
Content-Type
image/png
Connection
keep-alive, Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=60, max=93
Content-Length
119705
Expires
max-age=2592000, public
loader-v2.js
cta-service-cms2.hubspot.com/ctas/v2/public/cs/
8 KB
3 KB
Script
General
Full URL
https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/loader-v2.js?__hsfp=2697888615&__hssc=188883380.1.1527058487283&__hstc=188883380.1d3f415a2537a1e9830f3b17ff06e1d2.1527058487282.1527058487282.1527058487282.1&canon=https%3A%2F%2Fredcanary.com%2Fblog%2Fwindows-registry-attacks-threat-detection%2F&hsutk=1d3f415a2537a1e9830f3b17ff06e1d2&pg=d85e90e9-16d6-433b-ae70-77b4829c1081&pid=1860440&sv=static-1.153&lag=1168&rdy=1&df=a
Requested by
Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js
Protocol
SPDY
Server
104.16.251.5 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f43115d0a9bed7936f530dc123fb77d87435728ed9910acd11674b9cd0d1aeba

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Wed, 23 May 2018 06:54:47 GMT
content-encoding
gzip
x-robots-tag
noindex, follow
server
cloudflare
x-trace
2BDF62A608F74A498F4332F58B1A891BA5B989F13B000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, User-Agent
content-type
text/javascript
status
200
cache-control
no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials
false
cf-ray
41f59cf99df31583-FRA
content-length
2504
__ptq.gif
track.hubspot.com/
45 B
100 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=c04e322a-8771-41e4-8ff3-6540ab6df77b&fci=6432b37f-2d59-40df-9f01-d73690036c2e&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2697888615&v=1.1&a=1860440&ct=blog-post&rcu=https%3A%2F%2Fredcanary.com%2Fblog%2Fwindows-registry-attacks-threat-detection%2F&t=Windows+Registry+Attacks%3A+Knowledge+Is+the+Best+Defense&cts=1527058487301&vi=1d3f415a2537a1e9830f3b17ff06e1d2&nc=true&u=188883380.1d3f415a2537a1e9830f3b17ff06e1d2.1527058487282.1527058487282.1527058487282.1&b=188883380.1.1527058487283
Protocol
SPDY
Server
104.16.251.5 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Wed, 23 May 2018 06:54:47 GMT
x-robots-tag
none
server
cloudflare
p3p
CP="NOI CUR ADM OUR NOR STA NID"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
41f59cf9adfb1583-FRA
content-length
45
__ptq.gif
track.hubspot.com/
45 B
100 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=3163d8b1-f59e-4ded-9c37-e7a1ef5a59c9&fci=5f9f82b1-3c10-4440-aca5-9f82222875c2&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2697888615&v=1.1&a=1860440&ct=blog-post&rcu=https%3A%2F%2Fredcanary.com%2Fblog%2Fwindows-registry-attacks-threat-detection%2F&t=Windows+Registry+Attacks%3A+Knowledge+Is+the+Best+Defense&cts=1527058487302&vi=1d3f415a2537a1e9830f3b17ff06e1d2&nc=true&u=188883380.1d3f415a2537a1e9830f3b17ff06e1d2.1527058487282.1527058487282.1527058487282.1&b=188883380.1.1527058487283
Protocol
SPDY
Server
104.16.251.5 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Wed, 23 May 2018 06:54:47 GMT
x-robots-tag
none
server
cloudflare
p3p
CP="NOI CUR ADM OUR NOR STA NID"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
41f59cf9adfd1583-FRA
content-length
45
__ptq.gif
track.hubspot.com/
45 B
124 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2697888615&v=1.1&a=1860440&ct=blog-post&rcu=https%3A%2F%2Fredcanary.com%2Fblog%2Fwindows-registry-attacks-threat-detection%2F&t=Windows+Registry+Attacks%3A+Knowledge+Is+the+Best+Defense&cts=1527058487303&vi=1d3f415a2537a1e9830f3b17ff06e1d2&nc=true&u=188883380.1d3f415a2537a1e9830f3b17ff06e1d2.1527058487282.1527058487282.1527058487282.1&b=188883380.1.1527058487283
Protocol
SPDY
Server
104.16.251.5 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Wed, 23 May 2018 06:54:47 GMT
x-robots-tag
none
server
cloudflare
p3p
CP="NOI CUR ADM OUR NOR STA NID"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
41f59cf9adfe1583-FRA
content-length
45
__ptq.gif
track.hubspot.com/
45 B
173 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22d85e90e9-16d6-433b-ae70-77b4829c1081%22%2C%2297350d64-28d3-4623-8259-4e4b669036ba%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=2697888615&v=1.1&a=1860440&ct=blog-post&rcu=https%3A%2F%2Fredcanary.com%2Fblog%2Fwindows-registry-attacks-threat-detection%2F&t=Windows+Registry+Attacks%3A+Knowledge+Is+the+Best+Defense&cts=1527058487433&vi=1d3f415a2537a1e9830f3b17ff06e1d2&nc=true&u=188883380.1d3f415a2537a1e9830f3b17ff06e1d2.1527058487282.1527058487282.1527058487282.1&b=188883380.1.1527058487283
Protocol
SPDY
Server
104.16.251.5 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Wed, 23 May 2018 06:54:47 GMT
x-robots-tag
none
server
cloudflare
p3p
CP="NOI CUR ADM OUR NOR STA NID"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
41f59cfa7e381583-FRA
content-length
45
cta-loaded.js
cta-service-cms2.hubspot.com/ctas/v2/public/cs/
0
134 B
Script
General
Full URL
https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-loaded.js?pid=1860440&pg=d85e90e9-16d6-433b-ae70-77b4829c1081&lt=1527058486120&dt=1527058487288&at=1527058487435&ae=1&sl=1&an=1
Requested by
Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js
Protocol
SPDY
Server
104.16.251.5 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Wed, 23 May 2018 06:54:47 GMT
x-robots-tag
noindex, follow
server
cloudflare
x-trace
2B076182A4305D2E72B6E47887856A429391787067000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, User-Agent
content-type
application/octet-stream
status
200
cache-control
no-cache, no-store, no-transform, max-age=0
access-control-allow-credentials
false
cf-ray
41f59cfa8e3d1583-FRA
content-length
0
0fa700b7-b8ad-483e-94a7-1a47e38db431.png
resources.redcanary.com/hubfs/hub_generated/resized/
217 KB
218 KB
Image
General
Full URL
https://resources.redcanary.com/hubfs/hub_generated/resized/0fa700b7-b8ad-483e-94a7-1a47e38db431.png
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.115.180 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
430ce9db277eadef619cbfadb3c33ec64914dbe774f58cb416fa67eeab8858ae

Request headers

:path
/hubfs/hub_generated/resized/0fa700b7-b8ad-483e-94a7-1a47e38db431.png
pragma
no-cache
cookie
_ga=GA1.2.1250384478.1527058486; _gid=GA1.2.238491358.1527058486; _gat=1; __hstc=188883380.1d3f415a2537a1e9830f3b17ff06e1d2.1527058487282.1527058487282.1527058487282.1; __hssrc=1; __hssc=188883380.1.1527058487283; hubspotutk=1d3f415a2537a1e9830f3b17ff06e1d2
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
resources.redcanary.com
referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
:scheme
https
:method
GET
Referer
https://redcanary.com/blog/windows-registry-attacks-threat-detection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Wed, 23 May 2018 06:54:47 GMT
via
1.1 487cdcdf7a19623b97a27be170bb81f4.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-request-id
D4CA1B4F4B5430BC
cf-polished
origFmt=png, origSize=420831
x-cache
Miss from cloudfront
status
200
content-disposition
inline; filename="0fa700b7-b8ad-483e-94a7-1a47e38db431.webp"
x-hs-cf-lambda
us-east-1.setCacheTagHeaders 29
content-length
221866
x-amz-id-2
zPB4BaUAsxn3aWzZrC1tgSVK9uNYsfE/r0v9y6CaGFgmAop+UgZ2+Zuln330/TmDGaRzo1Yj70s=
last-modified
Tue, 13 Dec 2016 20:43:56 GMT
server
cloudflare
etag
"74808db46fd57cd9c5a1bba57dec7655"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
cache-control
s-maxage=1209600, max-age=1209600
x-amz-version-id
TcWemnT0fYnmExgiKOKGVB_CFDZJTfZj
set-cookie
__cfduid=dc643a029b25e8e3a90941bac06eb66e81527058487; expires=Thu, 23-May-19 06:54:47 GMT; path=/; domain=.resources.redcanary.com; HttpOnly
accept-ranges
bytes
cf-ray
41f59cfaeb666487-FRA
x-amz-cf-id
evUeaEcx6ov5DJB27tYNL0-urmlGsE-i1hhIjnWIQqDxnjeopV1WFw==
cf-bgj
imgq:85

Verdicts & Comments

50 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type Name
function $
function jQuery
object __core-js_shared__
object csModernizr
object Modernizr
object csGlobal
object CS_csHead
object _hsq
object hbspt
object globalRoot
function hns
object hubspot
object __hsRoot
object hspreserve
undefined React
undefined reqwest
function OutpostErrorReporter
undefined Pikaday
undefined Q
function hns2
function hmerge
undefined I18n
undefined ReactDOM
undefined require
undefined requirejs
undefined define
undefined exports
undefined module
undefined bootstrap
object HSFR
object addComment
object CornerstoneShims
function Waypoint
object xData
object CS_csBody
object wp
string GoogleAnalyticsObject
function ga
function hs_reqwest_0
function hs_reqwest_1
object xGlobal
function xToggleGetState
function xToggleUpdate
object gaplugins
object gaGlobal
object gaData
object _paq
boolean _hstc_loaded
boolean _hstc_ran
number expireDateTime
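
How a list like the one above is produced and then used for fingerprinting, as an added example that is not urlscan.io's code nor anything from the scanned page: the script enumerates every own property of a window object, drops the names a clean window already has, reports the rest with their `typeof`, and maps well-known names to the libraries they usually belong to. The baseline set, the `FRAMEWORK_HINTS` table and the `MOCK_WINDOW` object are constructed assumptions so the code runs offline under Node; in a browser the baseline would come from a fresh about:blank iframe as `browserBaseline` shows.

```javascript
// Added illustration, not code from urlscan.io or the scanned page.
// Enumerates the non-standard globals a page defines on `window` and maps
// some of them to the client-side libraries they usually belong to.

// Baseline of property names every clean window has. In a browser this is
// taken from a fresh about:blank iframe (see browserBaseline); the short
// hand-written set below is an assumption so the example runs under Node.
const STANDARD_BASELINE = new Set([
  'window', 'self', 'document', 'location', 'navigator', 'history', 'screen',
  'console', 'setTimeout', 'setInterval', 'fetch', 'localStorage',
  'addEventListener', 'removeEventListener',
]);

// Assumed global-name -> library hints. The names are ones that appear in
// the scan above; the attributions are this example's own, not urlscan's.
const FRAMEWORK_HINTS = {
  $: 'jQuery', jQuery: 'jQuery',
  Modernizr: 'Modernizr',
  _hsq: 'HubSpot', hbspt: 'HubSpot', hubspot: 'HubSpot', HSFR: 'HubSpot',
  ga: 'Google Analytics', GoogleAnalyticsObject: 'Google Analytics', gaData: 'Google Analytics',
  _paq: 'Piwik/Matomo-style tracker',
  wp: 'WordPress', addComment: 'WordPress',
  Waypoint: 'Waypoints',
  requirejs: 'RequireJS',
};

// Return [{name, type}] for every own property of `win` not in the baseline.
// A property that exists with value undefined (React above) is still reported,
// because getOwnPropertyNames sees the slot even though typeof says 'undefined'.
function nonStandardGlobals(win, baseline = STANDARD_BASELINE) {
  return Object.getOwnPropertyNames(win)
    .filter((name) => !baseline.has(name))
    .map((name) => ({ name, type: typeof win[name] }));
}

// Collapse the globals into a sorted, de-duplicated list of library hints.
function identifyFrameworks(globals) {
  const hits = new Set();
  for (const { name } of globals) {
    const hint = FRAMEWORK_HINTS[name];
    if (hint) hits.add(hint);
  }
  return [...hits].sort();
}

// Browser-only: derive the baseline from a clean about:blank iframe so that
// anything the page added to its own window stands out.
function browserBaseline() {
  const frame = document.createElement('iframe');
  frame.src = 'about:blank';
  document.body.appendChild(frame);
  const baseline = new Set(Object.getOwnPropertyNames(frame.contentWindow));
  frame.remove();
  return baseline;
}

// Constructed mock window mirroring part of the scan's global list.
const MOCK_WINDOW = {
  window: null, document: {}, location: {}, navigator: {}, console: {},
  setTimeout() {}, fetch() {},
  $: function () {}, jQuery: function () {}, Modernizr: {},
  _hsq: [], hbspt: {}, hubspot: {}, React: undefined,
  wp: {}, GoogleAnalyticsObject: 'ga', ga: function () {},
  _paq: [], _hstc_loaded: true, expireDateTime: 1527058487,
};

// Under Node there is no window, so run against the constructed mock.
if (typeof window === 'undefined') {
  const globals = nonStandardGlobals(MOCK_WINDOW);
  console.log(globals.map((g) => `${g.type} ${g.name}`).join('\n'));
  console.log('likely libraries:', identifyFrameworks(globals).join(', '));
}
```

In a browser console on the scanned page the equivalent call is `identifyFrameworks(nonStandardGlobals(window, browserBaseline()))`. Hint tables like `FRAMEWORK_HINTS` are only that: a global named `$` is almost always jQuery, but a name such as `_paq` can be shared by several trackers, so treat the output as a lead to confirm against the loaded scripts, not as proof.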

9 Cookies

Domain/Path Name / Value
.redcanary.com/ Name: __hssrc
Value: 1
.redcanary.com/ Name: __hstc
Value: 188883380.1d3f415a2537a1e9830f3b17ff06e1d2.1527058487282.1527058487282.1527058487282.1
.redcanary.com/ Name: hubspotutk
Value: 1d3f415a2537a1e9830f3b17ff06e1d2
redcanary.com/ Name: d-a8e6
Value: 89b976e2-7e62-4384-af96-a2217648b559
.redcanary.com/ Name: _gat
Value: 1
.redcanary.com/ Name: __hssc
Value: 188883380.1.1527058487283
.redcanary.com/ Name: _ga
Value: GA1.2.1250384478.1527058486
redcanary.com/ Name: s-9da4
Value: 546bfd17-edfb-4772-8236-6a3af9ad2d12
.redcanary.com/ Name: _gid
Value: GA1.2.238491358.1527058486

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdnjs.cloudflare.com
cta-service-cms2.hubspot.com
fonts.googleapis.com
fonts.gstatic.com
forms.hubspot.com
js.hs-analytics.net
js.hs-scripts.com
js.hscta.net
js.hsforms.net
no-cache.hubspot.com
redcanary.com
resources.redcanary.com
stats.g.doubleclick.net
track.hubspot.com
vidassets.terminus.services
www.google-analytics.com
104.16.251.5
104.17.115.180
104.17.185.73
104.17.211.204
104.17.220.204
104.17.71.176
104.19.197.151
216.58.208.46
216.58.210.10
216.58.210.3
52.85.173.125
70.32.97.206
74.125.206.155